Customer Cloud Gallery – Google Drive & Dropbox Photo Gallery

Tired of subscribing to yet another photo service just to share galleries with your clients? Customer Cloud Gallery lets you deliver beautiful client photo galleries straight from your own Google Drive or Dropbox — on your own WordPress site, with no extra monthly fees.

Connect the Drive or Dropbox folder you already use, paste a shortcode, and you get a fast, mobile-friendly gallery with downloads, favorites and optional password protection. Your originals stay in the cloud; the plugin streams thumbnails and full-resolution files on demand — so your site stays fast, your hosting disk stays empty, and there are no monthly gallery-hosting fees and no per-gallery limits.

Who it’s for

• Photographers delivering client work — wedding, portrait, family, event, newborn, real-estate and product photography
• Studios & agencies that want galleries on their own domain and brand
• Schools, clubs & teams sharing event photos with parents and members
• Anyone who already keeps photos in Google Drive or Dropbox

What you get (Free)

• Google Drive and Dropbox — connect one or both; pick the folder per gallery
• Fast lazy-loading grid with full-screen lightbox, keyboard navigation and mobile swipe
• Client favorites — visitors heart their picks and filter to just those
• Downloads done right — single originals, a whole-gallery ZIP, or a visitor’s hand-picked selection as one streaming ZIP (multi-GB galleries work)
• Optional password protection for client-only delivery — or keep it public
• GDPR-ready cookie control — master on/off switch per gallery; visitors can clear their cookie
• Design options — accent, hover and border colours
• Works with any theme — self-contained shortcode, no template editing

Your files never touch our servers — Drive/Dropbox are accessed with your own OAuth credentials (see “External Services” below).

Earn money with Pro

Don’t just save on fees — earn real money from your galleries. The Pro print shop lets your clients order professional prints right inside their gallery: you set the formats, paper types, prices and shipping, and orders arrive by e-mail with payment via PayPal or SEPA bank transfer. No marketplace commission, no card-processing setup.

Pro also adds:

• Print shop — clients order prints directly from each gallery, with full order management (New → Confirmed → Shipped)
• Visitor statistics dashboard — page views, most-loved photos and top downloads, per gallery and per visitor
• CSV export of client favourite selections — ideal for prepping an album or print run
• Priority support

The Free plugin above is complete and fully functional on its own — Pro simply adds the print shop, statistics and exports.

Get the most out of it

1. Keep one Drive/Dropbox folder per client or event — the gallery mirrors it.
2. Create a gallery, password-protect the page, and send your client the link.
3. Switch on the Pro print shop to take print orders automatically.

Why cloud storage?

Uploading full-resolution galleries to your web server is slow, wastes disk quota, and makes migration painful. With Customer Cloud Gallery the originals stay in Drive or Dropbox — the plugin fetches thumbnails on first request, caches them locally, and streams originals on demand. Server load is minimal even for 4K RAW previews.

Security

• OAuth tokens are stored AES-256-CBC encrypted using WordPress’s AUTH_KEY
• Per-gallery nonces prevent cross-gallery file access (IDOR protection)
• All file-serving endpoints verify that the requested file actually belongs to the requested gallery
• Download nonces expire after 24 hours
• Cache directory blocks PHP execution and directory listing via .htaccess
• Visitor cookies are httponly + SameSite=Lax

External Services

This plugin connects to third-party services to deliver its core functionality. The connections are listed here so you can include them in your site’s privacy policy.

Google Drive API

Used only when the site administrator connects a Google Drive account in the plugin settings. The plugin uses OAuth 2.0 credentials that you generate yourself in your own Google Cloud Console — your data never passes through any server operated by the plugin author.

What is sent: OAuth tokens, folder IDs and file IDs that you choose to display. No visitor data is transmitted.
When: each time an admin browses folders in the plugin, and on a scheduled cron to refresh thumbnail caches.

• Service URL: https://www.googleapis.com/drive/v3/
• Terms of Service: https://policies.google.com/terms
• Privacy Policy: https://policies.google.com/privacy

Dropbox API

Used only when the site administrator connects a Dropbox account in the plugin settings. Uses an OAuth app you register in your own Dropbox developer account.

What is sent: OAuth tokens, folder paths and file IDs that you choose to display. No visitor data is transmitted.
When: each time an admin browses folders, and on a scheduled cron to refresh thumbnail caches.

• Service URL: https://api.dropboxapi.com/
• Terms of Service: https://www.dropbox.com/terms
• Privacy Policy: https://www.dropbox.com/privacy

Freemius

The plugin uses the Freemius SDK to deliver license management for the optional Pro upgrade. Freemius is contacted only after the site administrator explicitly opts in during plugin activation. If you skip the opt-in, no data is sent to Freemius and the Free version remains fully functional.

What is sent (only after opt-in): site URL, WordPress version, PHP version, plugin version, an anonymized site identifier and — if a Pro license is activated — the license key for validation.

• Service URL: https://api.freemius.com/
• Terms of Service: https://freemius.com/terms/
• Privacy Policy: https://freemius.com/privacy/

Privacy Policy

Customer Cloud Gallery stores the following data in your WordPress database:

Visitor cookie (all visitors)
A random visitor ID is generated server-side on the first gallery visit and stored in a browser cookie. The cookie name is wpg_visitor (the legacy name is kept since 1.12.1 so existing visitor favourites remain attached to the correct cookie after the prefix-rename migration; everything else uses the new ccgal_ prefix). The cookie is valid for 365 days. Its value is a random hexadecimal identifier with no relationship to any real-world identity, and is stored as-is in the database — there is no name, e-mail address, or plain-text IP address recorded against it.

Favourites
When a visitor hearts an image, the random visitor ID, the gallery ID, and the cloud file ID are stored in the wp_ccgal_favorites table. No personal data is included.

Download tracking (Pro, if the statistics module is enabled per gallery)
When the Pro statistics module is loaded and enabled per gallery, downloads are recorded in wp_ccgal_downloads: random visitor ID, gallery ID, file ID, download type, and a salted SHA-256 hash of the visitor’s IP address. The original IP address is never persisted — only the one-way hash, salted with the site’s AUTH_SALT. The Free plugin never writes to this table.

Page-view tracking (Pro, if the statistics module is enabled per gallery)
When the Pro statistics module is loaded and the per-gallery statistics sub-switch is on, page and image views are recorded in wp_ccgal_views: random visitor ID, gallery ID, file ID, salted IP-hash and timestamp. The Free plugin never writes to this table.

Print orders (Pro, if the print shop is enabled)
Stores the customer’s name, shipping address, e-mail address, optional phone number, optional message and the ordered items in wp_ccgal_orders and wp_ccgal_order_items. This data is necessary to fulfil the order and is retained until the site administrator deletes the order.

Personal data export & erasure (WP Privacy Tool)
The plugin integrates with the standard Tools → Export Personal Data and Tools → Erase Personal Data workflows. Print orders (Pro) are returned/erased by customer e-mail. Anonymous gallery favorites are, by design, not linkable to an e-mail address; the response message will note this explicitly so the requester knows their cookie-based records cannot be associated with their identity.

Data deletion
In addition to the WP Privacy Tool above, site administrators with the Pro statistics module can delete all tracking data for a specific visitor from the Statistics dashboard. Removing the plugin via Plugins → Delete erases all options, custom tables, gallery posts, and the thumbnail cache.

Suggested privacy policy text
The plugin contributes a ready-made privacy policy paragraph to Tools → Privacy → Privacy Policy editor that you can copy into your public privacy page.

No third-party transmission
No visitor data is sent to external servers by this plugin. Thumbnails are fetched from Google or Dropbox APIs using the site administrator’s OAuth credentials — visitor sessions are never used for cloud API calls.

Photographer’s responsibility
If you use this plugin on your site you are the data controller for your visitors’ data. You should inform your visitors about the visitor cookie in your site’s privacy policy and, where required, obtain consent before enabling statistics tracking (Pro module only).